Dns name with egress network policy

Asking for help? Comment out what you need so we can get more information to help you!

Hi Team,

I have been creating egress network policy using the official documentation under my name space in an AKS cluster. I am using calico network plugin. I see that in the documentation we are able to only use cidrrange but with openshit we were able to use both cidr as well as dnsname as mentioned from here. So could you please let me know if we have any alternative for specifying dnsname in aks as well because when I use the same I get get a resource not found error.

Any help would be appreciated.

Hi firoshaq,

Looks like the Calico CNI doesn’t support FQDN policies in the version that AKS uses (DNS policy is in their enterprise edition though.

I did come across another user who bumped into a similar situation on Azure and ended up using an interesting workaround using externalname services in this thread on reddit.

Outside of that I think the only other CNI that supports FQDN policies that I am aware of is Cillium but I haven’t given it a shot on AKS yet, Docs for installing.

Hope that helps!